Logfile of HijackThis v1.99.1
Scan saved at 11:18:20, on 2006-10-07
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\glossary.exe
C:\Program Files\iPlus\iPlusChecker.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\System32\directxbt.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\Paweł\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.iplus.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\glossary.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\glossary.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM…\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM…\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [mysvcig38] mysvcc.exe
O4 - HKLM…\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp3\winampa.exe”
O4 - HKLM…\Run: [RBot v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server] C:\WINDOWS\System32\glossary.exe
O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM…\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [RBot v2 with NetAPI exploit traded with billgates I gave my mother Greetz - OG - Bluehell Irc Server] C:\WINDOWS\System32\glossary.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\j8j6li1s18.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)